AWS Security ChangesHomeSearch

AWS awssupport high security documentation change

Service: awssupport · 2026-05-28 · Security-related high

File: awssupport/latest/user/security-checks.md

Summary

Refined security group vulnerability criteria by removing resource attachment requirement for 'Red' status and eliminating 'Yellow' status for unattached groups

Security assessment

The change modifies security assessment criteria for critical ports (20,21,22,1433,1434,3306,3389,4333,5432,5500). It broadens vulnerability detection by flagging ANY security group with open access to these ports as high risk (Red), regardless of resource attachment. This closes a security gap where unattached groups were previously under-prioritized.

Diff

diff --git a/awssupport/latest/user/security-checks.md b/awssupport/latest/user/security-checks.md
index fc41fa32e..ebc2d8a04 100644
--- a//awssupport/latest/user/security-checks.md
+++ b//awssupport/latest/user/security-checks.md
@@ -2124 +2124 @@ This check reports the resources that are flagged by the criteria and the total
-  * Red: Security Group is attached to a resource and provides unrestricted access to port 20, 21, 22 , 1433, 1434, 3306, 3389, 4333, 5432, or 5500.
+  * Red: Security Group provides unrestricted access to port 20, 21, 22 , 1433, 1434, 3306, 3389, 4333, 5432, or 5500.
@@ -2128,2 +2127,0 @@ This check reports the resources that are flagged by the criteria and the total
-  * Yellow: Security Group is not attached to any resource and provides unrestricted access.
-